Law firms big target for hackers, but why?

Law firms big target for hackers, but why?

Law firms are having a hard time adopting new technologies, and it’s causing them to become soft targets for hackers. The legal industry is vulnerable to cyber-attacks more than most other industries for several reasons. To be fair, 7 out of 10 businesses are unprepared to deal with a cyber-attack. For cyber criminals, the legal sector is a very lucrative target – and today, we’re going to explore the main reasons why cyber-attacks are on the rise.

Cybersecurity is not a priority

First, law firms have not really taken cybersecurity that seriously, it is more like an after-thought despite the rise in cyber-attacks. It’s not that lawyers don’t believe in security; it is just that it is not currently a priority. The cyber-attacks that are used the most against law firms are ransomware, malware, phishing scams, data breaches, and hacked email accounts. Hackers know that lawyers make great money, and would pay any ransom to get their data back to save their practice. Phishing scams are rising incredibly this year due to its success rate of stealing login and account information. Data breaches are normally a result of a hacked email which has been accessed (in many cases) by phishing scams, or superficial passwords.

Valuable information is worth stealing

Second, law firms handle a lot of sensitive information, and often information that could be incriminating. Imagine large quantities of valuable and quality documents filled with business strategies, financial information, and health information available at the fingertips of a cybercriminal. For hackers, law firms hold a gold mine of information that can be resold on the black market for high profit. Unfortunately, only a third of lawyers use an encryption software to secure their information. Only 25% of law firms use two-factor authentication to verify user identification.

Their website is not secured

Have you ever gone to a website and realized that it was “unsecured”, and got this uneasy feeling? When a website is not secured, it is not providing a secure connection to its visitors. Unsecured websites are prime targets for hackers because it’s easy to infiltrate or intercept information that is transmitted through the website. Legal firms with websites that are labeled “unsecured” should immediately fix this issue by gaining an SSL certificate, to ensure an encrypted (secure) connection.

Untrained employees

The likelihood of an untrained employee opening a spear-phishing email is about 70%. This staggering majority makes it easier for hackers to gain access to valuable information. In fact, it is one of the biggest threats to any law firm as 90% of all data breaches are caused by an employee mistake. It is critical that the legal industry makes security training a priority, since hackers target a firm’s weakest link – its people.  


Looking to secure your law firm? Discover ExchangeDefender PRO – our advanced email security suite that protects against email-borne threats and advanced attacks.